package com.kehutong.auth.security;

import java.util.Collections;
import java.util.Set;

import org.coraframework.authz.AuthenticationInfo;
import org.coraframework.authz.AuthzRealm;
import org.coraframework.authz.Subject;
import org.coraframework.authz.exception.AuthenticationException;
import org.coraframework.authz.exception.UnknownAccountException;
import org.coraframework.inject.Inject;
import org.coraframework.inject.Singleton;
import org.coraframework.orm.Pool;
import org.coraframework.orm.jdbc.JdbcSession;

import com.kehutong.auth.entity.Account;
import com.kehutong.auth.entity.User;
import com.kehutong.auth.enums.AccountStatus;
import com.kehutong.auth.enums.LoginType;
import com.kehutong.common.DoveClient;

/**
 * 系统安全认证实现类
 *
 * @author liuzhen (liuxing521a@kuwan123.com)
 * @createTime 2018年4月21日下午2:26:33
 */
@Singleton
public class AuthorizingRealm extends AuthzRealm {

    @Inject
    private JdbcSession jdbcSession;

    @Inject
    private DoveClient doveClient;

    @Override
    protected Set<String> doGetAuthorizationRoles() {
        return Collections.emptySet();
    }

    @Override
    protected Set<String> doGetAuthorizationPermissions() {
    	return Collections.emptySet();
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationInfo authInfo) throws AuthenticationException {
    	LoginType type = authInfo.getSubject();
    	
    	switch (type) {
		case EMPLOYEE_AUTHOR:
			return loginByEmployeeAuth(authInfo);
		case EMPLOYEE_PASS:
			return loginByEmployeePassWord(authInfo);
		case CUSTOMER_AUTHOR:
			return loginByCustomerAuth(authInfo);
		case CUSTOMER_PASS:
			return loginByCustomerPassword(authInfo);
		case AUTHOR:
			return loginByLocalAuth(authInfo);
		default:
			throw new AuthenticationException("unkown loginType: " + type);
		}
    }
    
    // 员工授权登陆
    private AuthenticationInfo loginByEmployeePassWord(AuthenticationInfo authInfo) {
    	User user = jdbcSession.findOne(User.class)
    				.eq("login_name", authInfo.getUserName())
    				.eq("deleted", false)
    				.exe();
    	if (user == null) {
    		throw new UnknownAccountException("用户未授权:" + authInfo.getUserName());
    	}
    	
    	checkActive(user.getStatus());
		return new AuthenticationInfo(user.getLogin_name(), user.getPassword(), user.getId());
    }
    
    // 员工密码登陆
    private AuthenticationInfo loginByEmployeeAuth(AuthenticationInfo authInfo) {
    	 User user = Pool.get(User.class, authInfo.getUserName());
    	 
    	 checkActive(user.getStatus());
         return new AuthenticationInfo(authInfo.getUserName(), Subject.encrypt(authInfo.getPassword()), user.getId());
    }
    
    // 客户密码登陆
    private AuthenticationInfo loginByCustomerPassword(AuthenticationInfo authInfo) {
    	Account account = jdbcSession.findOne(Account.class)
    				.eq("login_name", authInfo.getUserName())
    				.exe();
    	
    	checkActive(account.getStatus());
		return new AuthenticationInfo(account.getAccount(), account.getPassword(), account.getId());
    	
    }
    
    // 客户授权登陆
    private AuthenticationInfo loginByCustomerAuth(AuthenticationInfo authInfo) {
    	Account account = Pool.get(Account.class, authInfo.getUserName());
       
    	checkActive(account.getStatus());
        return new AuthenticationInfo(authInfo.getUserName(), Subject.encrypt(authInfo.getPassword()), account.getId());
   }

	// 客户通2.0 oauth2.0登录
	private AuthenticationInfo loginByLocalAuth(AuthenticationInfo authInfo) {
		return new AuthenticationInfo(authInfo.getUserName(), Subject.encrypt(authInfo.getPassword()));
	}
    
    private void checkActive(AccountStatus status) {
    	if(status == AccountStatus.DISABLE){
			throw new AuthenticationException("您的账号已被禁用，如需恢复请联系管理员");
		}
    	if (status != AccountStatus.ACTIVE) {
    		throw new AuthenticationException(status.getDesc());
    	}
    }

}
